Articles: 79
Categories: 7
Date: 2023-12-20

🐛 COMMON VULNERABILITIES AND EXPOSURES (3)

20 Dec | Threat Actors Exploit CVE-2017-11882 to Deliver Agent Tesla (ZSCALER.COM)
The Agent Tesla malware uses obfuscated VBS files and steganography techniques to download a Base64-encoded DLL, which is then decoded and loaded to carry out malicious procedures.

20 Dec | Terrapin - SSH prefix truncation attack - CVE-2023-48795 (TERRAPIN-ATTACK.COM)
https://terrapin-attack.com/

20 Dec | Increase in Exploit Attempts for Atlassian Confluence Server (CVE-2023-22518), (Wed, Dec 20th) (ISC.SANS.EDU)
Today, exploit attempts for CVE-2023-22518 cross the "significant" threshold for our "First Seen URLs" list. The URL being accessed, "/json/setup-restore.action?synchronous=true", can be used to bypass authentication [1]. Due to a failur…
⚠️ VULNERABILITY DISCLOSURE (22)

20 Dec | Australian federal government opens consultation on mandatory ransomware reporting obligation for businesses (CSOONLINE.COM)
The Australian Federal government launched the Cyber Security Legislative Reforms consultation paper on 10 December to gather citizens' and businesses' views on new legislative initiatives and proposed amendments to the Security of Critical Infrastructure Act 2018. This consultatio…

20 Dec | 5 things you need to know about your EDR (CSOONLINE.COM)
Endpoint detection and response (EDR) is a protection approach that monitors endpoint devices across a network and blocks threats as they are identified. Like any other cybersecurity product, it can only protect a network if set up appropriately and tested. Based on my decade…

20 Dec | Terrapin Attacks can Downgrade Security of OpenSSH Connections (BLEEPINGCOMPUTER.COM)
The attack exploits weaknesses in the SSH transport layer protocol and encryption modes used by a majority of current implementations, making it a significant concern for the cybersecurity community.

20 Dec | Cyber Security Today, Dec. 20, 2023 - Data on over 35 million Comcast customers stolen because patching wasn't fast enough (CYBERSECURITYTODAY.LIBSYN.COM)
This episode reports on a warning of a vulnerability in the SSH protocol, the latest multi-million person data breaches and more.

20 Dec | Hackers Leveraging GitHub Platform for Hosting Malware (GBHACKERS.COM)
Researchers have discovered two novel techniques on GitHub: one exploits GitHub Gists, while the other involves sending commands through Git commit messages. Malware authors will occasionally upload samples to services such as Dropbox, Google Drive, OneDrive, and Discord to host …

20 Dec | Authorities Claim Seizure of Notorious ALPHV Ransomware Gang’s Dark Web Leak Site (TECHCRUNCH.COM)
The FBI has released a decryption tool that has helped over 500 ALPHV ransomware victims restore their systems, saving them from paying approximately $68 million in ransom demands.

20 Dec | How next-gen firewalls meet the demands of a new threat landscape (CSOONLINE.COM)
Businesses are facing a perilous security threat landscape, with ransomware, compromised email, state-sponsored hackers and supply chain vulnerabilities among the lead challenges. In such a fast-evolving landscape, some believe that the firewall has become irrelevant, but they'r…

20 Dec | The 5 fundamentals of powerful, next-generation firewalls (CSOONLINE.COM)
As more businesses work globally, often underpinned by a hybrid working model, cybersecurity must be optimised to counter ambitious cybercriminals. In particular, security teams must protect business networks where people are logging on across multiple territories and any number …

20 Dec | Xfinity Data Breach Impacts 36 Million Individuals (SECURITYWEEK.COM)
The recently disclosed Xfinity data breach, which involved exploitation of the CitrixBleed vulnerability, impacts 36 million individuals.

20 Dec | SMTP smuggling enables email spoofing while passing security checks (CSOONLINE.COM)
Security researchers have found inconsistencies in how some Simple Mail Transfer Protocol (SMTP) servers handle end-of-data sequences. This allows the injection of SMTP commands into email messages in a way that causes receiving servers to treat them as two separate messages with…

20 Dec | Comcast Ties Breach Affecting 36M Customers to Citrix Bleed (DATABREACHTODAY.CO.UK)
Attackers Apparently Stole Authenticated Sessions to Hit Telecommunications Giant. Comcast says attackers stole personal information pertaining to 35.9 million customers of its Xfinity-branded TV, internet and home telephone services in an October attack that targeted a vulnerabil…

20 Dec | Global Law Enforcement Seizes $300 Million, Arrests 3,500 Involved in Transnational Cybercrime Operation (THERECORD.MEDIA)
The operation targeted various online scams, including voice phishing, romance scams, investment fraud, and e-commerce fraud, highlighting the significant financial incentives driving the growth of organized cybercrime.

20 Dec | Mozilla Patches Firefox Vulnerability Allowing Remote Code Execution, Sandbox Escape (SECURITYWEEK.COM)
Firefox and Thunderbird security updates released this week address multiple memory safety bugs in both products.

20 Dec | BlackCat Strikes Back: Ransomware Gang “Unseizes” Website, Vows No Limits on Targets (SECURITYWEEK.COM)
The BlackCat/Alphv ransomware group is dealing with the government operation that resulted in website seizures and a decryption tool.

20 Dec | Apple Releases Security Updates for Multiple Products (CISA.GOV)
Apple has released security updates to address vulnerabilities in Safari, iOS, iPadOS, and macOS Sonoma. A cyber threat actor could exploit one of these vulnerabilities to obtain sensitive information. CISA encourages users and administrators to review Apple security releases and…

20 Dec | Healthcare software provider data breach impacts 2.7 million (BLEEPINGCOMPUTER.COM)
ESO Solutions, a provider of software products for healthcare organizations and fire departments, disclosed that data belonging to 2.7 million patients has been compromised as a result of a ransomware attack. [...]

20 Dec | Mozilla Releases Security Updates for Firefox and Thunderbird (CISA.GOV)
Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and app…

20 Dec | Ivanti releases patches for 13 critical Avalanche RCE flaws (BLEEPINGCOMPUTER.COM)
Ivanti has released security updates to fix 13 critical security vulnerabilities in the company's Avalanche enterprise mobile device management (MDM) solution. [...]

20 Dec [KEV] | Google fixes 8th Chrome zero-day exploited in attacks this year (BLEEPINGCOMPUTER.COM)
Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, the eighth patched since the start of the year. [...]

20 Dec | Fake F5 BIG-IP zero-day warning emails push data wipers (BLEEPINGCOMPUTER.COM)
The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers. [...]
📢 SECURITY ADVISORIES (6)

20 Dec | Healthcare Cybersecurity Proposal Stirs Industry Opposition (BANKINFOSECURITY.COM)
Lobbyists for U.S. hospitals are opposing a proposal by the Biden administration for mandatory cybersecurity requirements and potential financial penalties for organizations that fail to meet them.

20 Dec | CISA Plans to Improve Threat Data-Sharing Approaches in 2024 (DATABREACHTODAY.CO.UK)
US Cyber Agency to Begin 2-Year Major Overhaul of Its Legacy AIS Program. The Cybersecurity and Infrastructure Security Agency announced plans to launch a two-year effort beginning in 2024 to modernize its legacy Automated Indicator Sharing program as part of an effort to enhance …

20 Dec | NIST Seeks Public Comment on Guidance for Trustworthy AI (DATABREACHTODAY.CO.UK)
Agency Calls for Information on Gen AI Risk Management, Red-Teaming Efforts. The U.S. National Institute of Standards and Technology is soliciting public guidance on implementation of an October White House executive order seeking safeguards for artificial intelligence. The order …
🔥 INCIDENT REPORTING (12)

20 Dec | Report: Insurer’s UK Honeypots Attacked 17 Million Times Per Day (INFOSECURITY-MAGAZINE.COM)
Legacy vulnerabilities and Remote Desktop Protocol (RDP) endpoints are being singled out by attackers, according to new data based on billions of recorded cyberattacks in 2023 by insurer Coalition.

20 Dec | Ransomware gang ‘unseizes’ its site and issues new threats after FBI takedown (THEVERGE.COM)
https://www.theverge.com/2023/12/19/24008093/alphv-blackcat-ransomware-gang-site-seized-fbi-doj

20 Dec | JaskaGO’s Coordinated Strike on macOS and Windows (CYBERSECURITY.ATT.COM)
The malware utilizes extensive commands from its C2 server, enabling it to exfiltrate valuable user information, including browser credentials and cryptocurrency wallet details.

20 Dec | Ransomware Trends and Recovery Strategies Companies Should Know (HELPNETSECURITY.COM)
Ransomware activity continues to rise, and organizations expect to increase spending on ransomware preparedness. Ransomware groups are continually using new vulnerabilities and coercive tactics to extort payments.

20 Dec | Anti-Ransomware Startup Halcyon Lands Fresh $40M Tranche (TECHCRUNCH.COM)
The oversubscribed Series B funding round was led by Bain Capital Ventures. The company aims to use the funds to expand its product lines, enhance its services, and strengthen its sales and marketing efforts.

20 Dec | ALPHV/BlackCat ransomware operation disrupted, but criminals threaten more attacks (BITDEFENDER.COM)
The FBI has disrupted the operations of the ALPHV ransomware group, and seized decryption keys that could help 500 victims unscramble their files without having to pay a ransom. Read more in my article on the Hot for Security blog.

20 Dec | CryptoGuard: An asymmetric approach to the ransomware battle (SOPHOS.COM)
In the second of our new technical thought leadership series, Sophos X-Ops takes a detailed look at anti-ransomware techniques.

20 Dec | Hackers Abuse Bot Protection Tool to Launch Cyber Attacks (GBHACKERS.COM)
Predator, a bot protection tool designed to fight against bots and crawlers, has now been found to be abused by threat actors for malicious purposes. Threat actors have been using phishing emails with malicious links to lure users into a malicious website. However, if any securit…

20 Dec | Remote Encryption Attacks Surge: How One Vulnerable Device Can Spell Disaster (THEHACKERNEWS.COM)
Ransomware groups are increasingly switching to remote encryption in their attacks, marking a new escalation in tactics adopted by financially motivated actors to ensure the success of their campaigns. "Companies can have thousands of computers connected to their network, and wit…

20 Dec | Update: Israel Blames Iran for Hospital Data Breach (DARKREADING.COM)
Israel has identified Iran and Hezbollah as the perpetrators of a cyberattack on the Ziv Medical Center. The attack, which occurred last month, resulted in the theft of 500GB of medical data.
🕵️ THREAT INTELLIGENCE (16)

20 Dec | ISC Stormcast For Wednesday, December 20th, 2023 https://isc.sans.edu/podcastdetail/8786, (Wed, Dec 20th) (ISC.SANS.EDU)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

20 Dec | Interpol Arrested 3,500 Suspects and Seized $300 Million (GBHACKERS.COM)
In a groundbreaking initiative spanning 34 countries, INTERPOL orchestrates Operation HAECHI IV, a relentless assault on online financial crime, yielding a formidable impact. Interpol, short for the International Criminal Police Organization, is a global entity dedicated to foste…

20 Dec | Alert: Chinese-Speaking Hackers Pose as UAE Authority in Latest Smishing Wave (THEHACKERNEWS.COM)
The Chinese-speaking threat actors behind Smishing Triad have been observed masquerading as the United Arab Emirates Federal Authority for Identity and Citizenship to send malicious SMS messages with the ultimate goal of gathering sensitive information from residents an…

20 Dec | Product Explained: Memcyco's Real-Time Defense Against Website Spoofing (THEHACKERNEWS.COM)
Hands-On Review: Memcyco’s Threat Intelligence Solution. Website impersonation, also known as brandjacking or website spoofing, has emerged as a significant threat to online businesses. Malicious actors clone legitimate websites to trick customers, leading to financial scams and d…

20 Dec | Iranian APT Group Targets Telecom Organizations in North and East Africa (SYMANTEC-ENTERPRISE-BLOGS.SECURITY.COM)
Seedworm (aka Muddywater) continues to use a combination of living-off-the-land and publicly available tools, but has also developed its own custom tools, such as a custom build of Venom Proxy and a custom keylogger.

20 Dec | 3,500 Arrested, $300 Million Seized in International Crackdown on Online Fraud (SECURITYWEEK.COM)
Authorities in 34 countries have cooperated to dismantle cyber-enabled scams as part of a six-month operation.

20 Dec | GCHQ Christmas Codebreaking Challenge (SCHNEIER.COM)
Looks like fun. Details here.

20 Dec | Hackers Stole Banking Details From Over 50,000 Users using Web Injections (GBHACKERS.COM)
Web injections involve injecting malicious code into websites to manipulate content or redirect users to fraudulent sites. Threat actors use this technique to steal sensitive information. Cybersecurity researchers at Security Intelligence recently identified that …

20 Dec | 5 common data security pitfalls — and how to avoid them (SECURITYINTELLIGENCE.COM)
Data protection has come a long way. In previous years, it was considered a “nice to have” and a line item on the budget further down the page. Today, it’s top of mind for almost every CIO or CISO across all industries. Yet many organizations are caught in the c…

20 Dec | NSA Blocked 10 Billion Connections to Malicious and Suspicious Domains (SECURITYWEEK.COM)
The National Security Agency has published a new yearly report detailing its cybersecurity efforts throughout 2023.

20 Dec | Decrypting the Sidewinder Cyber Intrusion Tactics (CYFIRMA.COM)
The Sidewinder group, a sophisticated APT group originating from South Asia, is behind a highly targeted cyber threat campaign involving a malicious Word document with an embedded macro, potentially targeting Nepalese government officials.

20 Dec | Okta to Acquire Israeli Startup Spera Security (SECURITYWEEK.COM)
Okta agreed to acquire Spera Security in a move to broaden Okta’s identity threat detection and security posture management capabilities.

20 Dec | “Mr. Anon” Infostealer Attacks Start with a Fake Hotel Booking Query Email (KNOWBE4.COM)
This new attack is pretty simple to spot on the front, but should it be successful in launching its malicious code, it’s going to take its victims for everything of value they have on their computer.

20 Dec | UK Supreme Court Says AI Can't Patent Inventions (DATABREACHTODAY.CO.UK)
Court Says Only a 'Person' Can Be an Inventor. The U.K.'s highest court on Wednesday affirmed that an artificial intelligence system cannot be granted ownership of patents. AI "is not a person, let alone a natural person and it did not devise any relevant invention," wrote Justice…

20 Dec | SimSpace Scores $45 Million Investment to Expand Cyber Range Tech Markets (SECURITYWEEK.COM)
The new round of financing was led by L2 Point Management and brings the total raised by Boston-based SimSpace to $70 million.

20 Dec | FTC Bans Rite Aid From Using Facial Recognition Tech (DATABREACHTODAY.CO.UK)
5-Year Ban Comes After Retailer Failed to Mitigate Security Surveillance Risks. The Federal Trade Commission has banned Rite Aid from using AI-based facial recognition technology for security surveillance for five years after the retail drug store chain failed to implement safegua…
🌐 CYBER THREAT LANDSCAPE (4)

20 Dec | New MetaStealer Malvertising Campaigns Spotted (MALWAREBYTES.COM)
MetaStealer is a popular piece of malware that has been observed in recent malicious ad campaigns. The developers of MetaStealer have announced that they are releasing a new and improved version of the malware.

20 Dec | New Go-Based JaskaGO Malware Targeting Windows and macOS Systems (THEHACKERNEWS.COM)
A new Go-based information stealer malware called JaskaGO has emerged as the latest cross-platform threat to infiltrate both Windows and Apple macOS systems. AT&T Alien Labs, which made the discovery, said the malware is "equipped with an extensive array o…

20 Dec | Global Malspam Targets Hotels, Spreading Redline and Vidar Stealers (HACKREAD.COM)
The hospitality industry is being targeted by a sophisticated malspam campaign that uses social engineering tactics to trick hotel representatives into opening password-protected archives containing malware.

20 Dec | Malware Leveraging Public Infrastructure Like GitHub on the Rise (REVERSINGLABS.COM)
Public services like GitHub provide a convenient and less suspicious platform for malware authors to operate their C2 infrastructure, eliminating the need for maintaining their own servers.
📡 INFOSEC NEWS (16)

20 Dec | Okta Acquiring Cybersecurity Startup Spera for Over $100 Million (CALCALISTECH.COM)
American identity and access management company Okta is acquiring Israeli cybersecurity company Spera for approximately $100-130 million, marking Okta's first acquisition in Israel and highlighting the strength of the Israeli cyber industry.

20 Dec | 3,500 Arrested in Global Operation HAECHI-IV Targeting Financial Criminals (THEHACKERNEWS.COM)
A six-month-long international police operation codenamed HAECHI-IV has resulted in the arrests of nearly 3,500 individuals and seizures worth $300 million across 34 countries. The exercise, which took place from July through December 2023, took aim at various types of …

20 Dec | ‘No Evidence’ of Foreign Election Interference in 2022 US Midterms, Spy Agencies Say (THERECORD.MEDIA)
The U.S. intelligence community has stated that Russia and China attempted to influence the 2022 U.S. midterms, but were unsuccessful in hacking the election infrastructure or disrupting voting.

20 Dec | New Web Injections Campaign Steals Banking Data From 50,000 People (BLEEPINGCOMPUTER.COM)
The attackers infect victims' devices and then inject a script into the victim's browser to modify webpage content. This new approach makes the attacks more stealthy and harder to detect.

20 Dec | Smishing Triad Targets UAE Residents in Identity Theft Campaign (INFOSECURITY-MAGAZINE.COM)
Security researchers have observed a new fraudulent campaign orchestrated by the Smishing Triad gang and impersonating the United Arab Emirates Federal Authority for Identity and Citizenship.

20 Dec | German police take down Kingdom Market cybercrime marketplace (BLEEPINGCOMPUTER.COM)
The Federal Criminal Police Office in Germany (BKA) and the internet-crime combating unit of Frankfurt (ZIT) have announced the seizure of Kingdom Market, a dark web marketplace for drugs, cybercrime tools, and fake government IDs. [...]

20 Dec | Microsoft fixes Wi-Fi issues triggered by recent Windows updates (BLEEPINGCOMPUTER.COM)
Microsoft has fixed a known issue causing Wi-Fi network connectivity problems on Windows 11 systems triggered by recently released cumulative updates. [...]

20 Dec | The password attacks of 2023: Lessons learned and next steps (BLEEPINGCOMPUTER.COM)
The password attacks of 2023 involved numerous high-profile brands, leading to the exposure of millions of users' data. Learn more from Specops Software on how to respond to these types of attacks. [...]

20 Dec | Tech gifts you shouldn’t buy your family and friends for the holidays (TECHCRUNCH.COM)
It’s the season to go a little overboard on gift giving. But this year, give the gift of good security (and privacy) and eschew tech that can have untoward risks or repercussions. We’re not talking about things that go boom in the night or abruptly break, but rather t…

20 Dec | Can you trust Windows Hello biometric authentication | Kaspersky official blog (KASPERSKY.COM)
Researchers were able to bypass Windows Hello biometric authentication on Dell, Lenovo, and Microsoft Surface devices.

20 Dec | New phishing attack steals your Instagram backup codes to bypass 2FA (BLEEPINGCOMPUTER.COM)
A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account. [...]

20 Dec | Crypto scammers abuse X 'feature' to impersonate high-profile accounts (BLEEPINGCOMPUTER.COM)
Cryptocurrency scammers are abusing a legitimate X "feature" to promote scams, fake giveaways, and fraudulent Telegram channels used to steal your crypto and NFTs. [...]

20 Dec | Crypto scammers abuse Twitter ‘feature’ to impersonate high-profile accounts (BLEEPINGCOMPUTER.COM)
Cryptocurrency scammers are abusing a legitimate Twitter "feature" to promote scams, fake giveaways, and fraudulent Telegram channels used to steal your crypto and NFTs. [...]

20 Dec | These aren’t the Androids you should be looking for (WELIVESECURITY.COM)
You may get more than you bargained for when you buy a budget-friendly smartphone and forgo safeguards baked into Google Play.